Wi-Fi Enabled Refrigerator Started Sending Spam Emails

It has been claimed that far from keeping tins of spam cool a Wi Fi connected smart fridge had been taken over by hackers who used it to send spam emails instead.

According to the security vendor, Proofpoint between
December 23 last year and January 6, more than 100,000 internet-connected devices, including media players, televisions and at least one refrigerator, were part of
a network of computers used to send 750,000 spam emails.

Hackers have been using virus infected desktop computers for years to send
spam emails on their behalf, but this is thought to be the first large-scale
deployment of M2M devices to achieve the same effect.

Virus infected computers are usually fairly easy to treat with off-the-shelf
anti-virus software and a bit of user education about not visiting weird
websites. However, M2M modules are rarely monitored by their users, and tend to
appear as isolated sealed boxes, even though they are using the domestic Wi-Fi
network to connect to remote servers.

Proofpoint says that its findings reveal that cyber criminals have begun to
commandeer home routers, smart appliances and other components of the Internet
of Things and transform them into "thingbots" to carry out the same
type of malicious activity.

No more than 10 emails were initiated from any single IP address, making the
attack difficult to block based on location - and in many cases, the devices
had not been subject to a sophisticated compromise; instead, misconfiguration
and the use of default passwords left the devices completely exposed on public
networks, available for takeover and use.

"Internet-enabled devices represent an enormous threat because they are
easy to penetrate, consumers have little incentive to make them more secure, the
rapidly growing number of devices can send malicious content almost undetected,
few vendors are taking steps to protect against this threat, and the existing
security model simply won't work to solve the problem," explained Michael
Osterman, principal analyst at Osterman Research.

As the number of such connected devices is expected to grow to more than four
times the number of connected computers in the next few years according to media
reports, proof of an IoT-based attack has significant security implications for
device owners and Enterprise targets.

All rights reserved. Reproduction of this website,in whole or in part, in any form or medium without express written permission from cellular-news is prohibited. Your use of this website is subject to legal terms - Site Map.